Can two LANs share one Internet connection

I have a situation where one small office (3 people/PCs) is going to share the office with another 3 people/PCs. The two attorneys are interested in sharing costs, including the Internet connection. Can this be done while maintaining two separate LANs? Not sure how to do this while securing (as much as possible) the respective LANs. Currently, there's one Comcast cable modem attached to one router. I'd need to branch from the cable modem to two LANs. Any thoughts, input and/or details appreciated.

Thanks. The Comcast cable modem simply passes through to the existing router through it's single LAN port. My (probably simplistic) idea is to add a small switch, then branch two TWO routers, each to its respective LAN. Just wondering if I can/should do that, and any pitfalls along the way.

Is the modem itself also a router? If so that's fine I would think. Otherwise I'd make the small switch another router instead. There would have to be common administration ability for the modem and 1st router (and kept in a mutually secure location) but each of the other two routers can be administered by each party for complete isolation, yet still share the same Internet connection.

The Following User Says Thank You to F.U.N. downtown For This Useful Post:

The Comcast cable modem simply passes through to the existing router through it's single LAN port. My (probably simplistic) idea is to add a small switch, then branch two TWO routers, each to its respective LAN. Just wondering if I can/should do that, and any pitfalls along the way.

Yes, you're on the right track, except as F.U.N. said, make the switch another router. You need three routers in a "Y" configuration. (You can't use a switch for the first router because something needs to give the two second-tier routers different WAN-side IP addresses--i.e., you need a DHCP server upstream to give them separate IPs.)

Here's a couple references that may help crystalize the configuration for you:

The first link explains how to do it, while the second link has a block diagram to help with visualizing the arrangement. Scroll all the way down to the last diagram, except you'll have two "Internal NAT Routers" instead of one to keep the two subnets isolated from each other.

There is a way to penetrate WAN-LAN barrier. For further separation, change to different domain/workgroup names on all PCs (change the default name WORKGROUP).
Also, use different LAN group IPs, such as 10.10.10.0-255+192.168.1.0-255, or 192.168.1.0-255+192.168.0.0-255.

Maybe good for small business on a budget. The far better way is to install expensive pro routers and setup the rules of the routers.

Either way, now you may have the problem sharing network printers! Let them buy separate personal or network printers. It works for small business.